Total
5262 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22686 | 2025-02-03 | 5.3 Medium | ||
| Missing Authorization vulnerability in GSheetConnector CF7 Google Sheets Connector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 Google Sheets Connector: from n/a through 5.0.17. | ||||
| CVE-2025-24642 | 1 Wordpress | 1 Wordpress | 2025-02-03 | 6.5 Medium |
| Missing Authorization vulnerability in theme funda Setup Default Featured Image allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Setup Default Featured Image: from n/a through 1.2. | ||||
| CVE-2025-24643 | 1 Wordpress | 1 Wordpress | 2025-02-03 | 6.5 Medium |
| Missing Authorization vulnerability in Amento Tech Pvt ltd WPGuppy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPGuppy: from n/a through 1.1.0. | ||||
| CVE-2025-22260 | 2025-02-03 | 4.3 Medium | ||
| Missing Authorization vulnerability in Pixelite Meta Tag Manager. This issue affects Meta Tag Manager: from n/a through 3.1. | ||||
| CVE-2025-22677 | 2025-02-03 | 4.8 Medium | ||
| Missing Authorization vulnerability in UIUX Lab Uix Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Uix Shortcodes: from n/a through 2.0.3. | ||||
| CVE-2025-22681 | 2025-02-03 | 4.3 Medium | ||
| Missing Authorization vulnerability in Xfinity Soft Content Cloner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Content Cloner: from n/a through 1.0.1. | ||||
| CVE-2025-22694 | 2025-02-03 | 4.3 Medium | ||
| Missing Authorization vulnerability in theDotstore Hide Shipping Method For WooCommerce. This issue affects Hide Shipping Method For WooCommerce: from n/a through 1.5.0. | ||||
| CVE-2023-23715 | 1 Ultimatemember | 1 Jobboardwp | 2025-02-03 | 5.2 Medium |
| Missing Authorization vulnerability in JobBoardWP JobBoardWP – Job Board Listings and Submissions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobBoardWP – Job Board Listings and Submissions: from n/a through 1.2.2. | ||||
| CVE-2024-53816 | 1 Themeum | 1 Tutor Lms Elementor Addons | 2025-02-03 | 4.3 Medium |
| Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons.This issue affects Tutor LMS Elementor Addons: from n/a through 2.1.5. | ||||
| CVE-2024-57726 | 1 Simple-help | 1 Simplehelp | 2025-01-31 | 9.9 Critical |
| SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role. | ||||
| CVE-2018-9406 | 1 Google | 1 Android | 2025-01-31 | 5.5 Medium |
| In NlpService, there is a possible way to obtain location information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-12104 | 1 Atarim | 1 Visual Website Collaboration\, Feedback \& Project Management | 2025-01-31 | 5.3 Medium |
| The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpf_delete_file and wpf_delete_file functions in all versions up to, and including, 4.0.9. This makes it possible for unauthenticated attackers to delete project pages and files. | ||||
| CVE-2024-11583 | 1 Visualmodo | 1 Borderless | 2025-01-31 | 4.3 Medium |
| The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_zipped_font' function in all versions up to, and including, 1.5.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete icon fonts that were previously uploaded. | ||||
| CVE-2024-12269 | 1 Wpmessiah | 1 Safe Ai Malware Protection For Wp | 2025-01-31 | 7.5 High |
| The Safe Ai Malware Protection for WP plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db() function in all versions up to, and including, 1.0.17. This makes it possible for unauthenticated attackers to retrieve a complete dump of the site's database. | ||||
| CVE-2024-30487 | 1 Sonaar | 1 Mp3 Audio Player For Music\, Radio \& Podcast | 2025-01-31 | 7.6 High |
| Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.1. | ||||
| CVE-2024-13415 | 2025-01-31 | 4.3 Medium | ||
| The Food Menu – Restaurant Menu & Online Ordering for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's settings. | ||||
| CVE-2024-13424 | 2025-01-31 | 4.3 Medium | ||
| The Ni Sales Commission For WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'niwoosc_ajax' AJAX endpoint in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins settings and modify commission amounts. | ||||
| CVE-2024-13530 | 2025-01-31 | 4.3 Medium | ||
| The Custom Login Page Styler – Limit Login Attempts – Restrict Content With Login – Redirect After Login – Change Login URL – Sign in , Sign out plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the lps_handle_delete_all_logs(), lps_handle_delete_login_log(), and lps_handle_end_session() functions in all versions up to, and including, 7.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete login logs and end user sessions. | ||||
| CVE-2025-22265 | 2025-01-31 | 6.5 Medium | ||
| Missing Authorization vulnerability in mgplugin EMI Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EMI Calculator: from n/a through 1.1. | ||||
| CVE-2025-22720 | 2025-01-31 | 5.8 Medium | ||
| Missing Authorization vulnerability in MagePeople Team Booking and Rental Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking and Rental Manager: from n/a through 2.2.1. | ||||